
I have the crazy plan to rewire my home network. Well currently it is a rather simple set up I guess, that I'd like to complicate :-) to get rid of my (not very stable) powerline adapters and to provide network connected wall-mounted RJ45 ports to 4 rooms of my house.

I am a software engineer with some knowledge about networks. I know stuff about IP addresses, MAC addresses, switches, routers, the OSI layer model, but some parts not very deeply.

My current setup is as follows:

  • 3 story house
  • In the basement there is the incoming coax/TV line from my provider, there the coax line is split to 4 (coax) cables which go into 4 rooms
  • My Cable modem is in the attic (in my "office"), it is used in bridge mode, one of the coax lines goes into this modem
  • I have a new and fancy Synology RT2600ac router, let's call it "master router"; the modem is connected to this master router on the WAN port
  • On the master router there is stuff running like "threat prevention", DHCP, WLAN mesh start, Safe Access (devices can be assigned to profiles, which can be configured, what is allowed for each profile), port forward rules etc. etc. - the router is pretty new, I like it and I want to keep it, also it provides a great WiFi signal
  • In the office there are some devices (like my PC or a NAS) directly connected to the master router's other (LAN) ports (internal switch of router) by RJ45
  • One of the LAN ports of the router goes to a powerline adapter, adapter "PLA"
  • One other powerline adapter "PLB" is on the ground floor
  • On PLB is directly connected a TV and a WLAN access point (meshed with the router in the attic)
  • All devices are in the same network and use the master router as gateway for internet connections
  • One telephone is directly connected to the cable modem (RJ11)

As I said, I want to get rid of powerline (PLA/PLB) so the connection is more stable and maybe to also have easy access to LAN ports in some rooms.

So the plan is to install RJ45 wall sockets into the 4 rooms; from those sockets 1-2 network cables (probably Cat. 7) will go down into the basement, where they are all connected to a patch panel.

Also I would like to install more than 1 telephone in the house, using a cable (not DECT), so the network sockets will most likely also have a (keystone) module for RJ11.

So I guess the future setup will be:

  • Some kind of housing/rack in the basement for the network installation
  • cable modem placed directly in the basement inside the housing, coax from provider connect to cable modem
  • Cable modem no longer configured as "bridge" but in router mode, let's call it "cable modem router"
  • The master router shall not be placed in the housing/basement because of the concrete walls it would not provide a WLAN signal that can be reached even at ground floor, master router stays at its current location in the attic (this is essential)
  • In the housing (in the basement) is a switch connected to the cable modem router
  • From this switch the patch panel is served to connect to rooms with the switch
  • Telephone line from modem (RJ11) is also patched to some RJ11 ports (well I guess those things exist, but it is not very important for this scenario)
  • Master router is in attic (one of the patched rooms) and is connected to a RJ45 wall socket with the patch panel, connecting this device to the patch panel and the switch, so it is connected with the other devices in the network
  • Devices in the office (computer, NAS) are connected either directly to the switch ports of the master router or a wall socket (RJ45) (I don't think it matters that much, where they are connected to the network)
  • Devices use their former static IP address or still get their IP address by DHCP from the master router
  • Master router still makes port forwarding, threat prevention, DHCP, safe access etc. etc. as before
  • Master router's gateway is the cable modem router
  • Cable modem router passes all traffic directly to the master router, without applying any filtering/rules etc.

Does this sound about right or is there a problem with this setup? Is this a good approach to solve the issue (fancy WLAN master router should not be in the basement)?

  • What do you gain from changing the modem to 'router' mode? If it does nothing else except act as the gateway for the Synology router, the reconfiguration seems useless and it'd be easier to just keep it in 'bridge' mode. Commented Feb 27, 2019 at 10:59
  • @grawity I want to prevent that the other devices in the network are directly in the internet. If I leave the modem in bridge mode and connect the switch to it (from where the other devices are patched), wouldn't they be somehow "in the internet"? Well, I'm not so sure anymore. Maybe as the devices get an IP/Gateway from the DHCP they are safe? But I think there would be some DHCP conflict as surely the bridged cable modem/router would assign some internal IPs and also the master router. Or not?
    – Shihan
    Commented Feb 27, 2019 at 11:07
  • Then don't connect a switch to it, connect the switch to your attic router instead. 1) With the modem in router mode, devices connected directly to the modem will have 'private' addresses issued by the modem, so you could say they're not really exposed... but they will completely bypass your attic router and all the security features you wanted. 2) Those devices will not get addresses from your attic router, because the Ethernet link from modem (with a switch or without) needs to go into the attic router's "WAN" interface, which does not serve DHCP – it only does so on the "LAN" interface. Commented Feb 27, 2019 at 11:19
  • And yes, if you need a LAN switch in the basement, then what I'm saying is "basement modem → ethernet → 'WAN' port on attic router → 'LAN' port on attic router → ethernet → back to the basement → basement switch". (If you can only have one ethernet cable, you can make this work using two VLANs.) Commented Feb 27, 2019 at 11:26
  • @grawity thanks for the elaboration. I believe I need a LAN switch in the basement, because with that component the devices (coming from the patch panel) will get interconnected. The device chain you supplied looks logical to me and also includes this basement LAN switch so the devices are connected to each other. Basement modem to WAN on attic router would be directly patched (without using the switch) - this also looks to me like the modem can stay in bridge mode. Modem is only connected to the attic router directly (over the patch panel). Why don't you post it as an answer?
    – Shihan
    Commented Feb 27, 2019 at 12:10

1 Answer

There is no need to change the modem to 'router' mode.

You've described this topology:

===coax=== <WAN>
        cable modem
           <LAN> -------[ethernet switch]-------- <WAN>
                                             synology router
                                                  <LAN> --- etc.

In this situation, it doesn't matter whether devices connected directly to cable modem's switch will get public or private addresses, because you wouldn't want to have any devices connected there at all:

  • Your main reason for using the Synology router was its protection features, and connecting devices to the cable modem's switch would completely bypass the attic router.

  • From the attic router's perspective, the switch is on the "WAN" side. It is a separate network from your main LAN, it has separate addressing, and the Synology router does not serve DHCP on that interface. (Even if you statically configured the addresses to match Synology LAN, it wouldn't work as the devices would still be physically in the wrong network.)

  • Devices connected to this switch wouldn't be able to access your main Synology LAN, unless you configured a hole through its firewalls and security features. (Or you could use port forwarding to get into the LAN, but a home network that relies on port-forwarding inside the network is just not good design at all.)

  • Your main LAN would be able to access devices on this switch (as long as both routers use different subnet prefixes), but the Synology router would perform NAT on the connections, meaning these devices wouldn't see the real client IP addresses. This is just a minor issue (and in some routers a NAT exception can be configured), but it can be an annoyance depending on what exactly you run in the basement, and again – not great design.

If you need the switch because you must have Ethernet ports available in the basement, there's only one option: basement → attic → basement. Run one Ethernet cable from the modem directly to the router's WAN interface, and a second cable back from the router's LAN to the basement switch.

Once that's done, there is absolutely no advantage in having the modem in 'router' mode.


If you cannot run a second cable all the way, the same can be achieved using two managed switches with VLAN tagging:

  1. On both switches, configure 1) one port in 'access' mode for the "WAN" vlan, 2) one port in 'trunk' or 'all VLANs tagged' mode; 3) the remaining ports in 'access' mode for the "LAN" vlan.
  2. Install one switch in the basement, the other in the attic.
  3. Connect the switches together using the "trunk" port.
  4. On the attic switch, connect the designated "WAN" port to the router's WAN side, and one of the "LAN" ports to the router's LAN side.
  5. On the basement switch, connect the designated "WAN" port to the cable modem's Ethernet output. (Use the remaining ports for whatever you like.)
  • I need the switch in the basement to connect the other devices together. Devices connected to outlet, outlet to patch panel in basement, patch panel to switch in basement. How else would those devices be interconnected? Otherwise, great answer!
    – Shihan
    Commented Feb 27, 2019 at 13:26
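
The two-switch VLAN layout from the answer can be checked on paper before any cabling is changed. The Python model below is an added example, not part of the original answer; the VLAN IDs 10 and 20, the port numbers and the device names are assumptions. It groups devices into layer-2 segments and reports anything that ends up on the modem side of the router or is cut off from the router's LAN.

```python
from collections import defaultdict

WAN, LAN = 10, 20  # VLAN IDs are assumptions; any two distinct IDs work

def plan(tv_vlan=LAN):
    """Constructed port plan: switch -> {port: (mode, vlan, attached)}."""
    return {
        "basement": {1: ("access", WAN, "modem"),
                     2: ("trunk", None, "attic"),
                     3: ("access", tv_vlan, "tv"),
                     4: ("access", LAN, "wifi-ap")},
        "attic":    {1: ("access", WAN, "router-wan"),
                     2: ("trunk", None, "basement"),
                     3: ("access", LAN, "router-lan"),
                     4: ("access", LAN, "nas")},
    }

def segments(switches):
    """Layer-2 segments: devices in the same VLAN on trunk-linked switches."""
    group = {name: name for name in switches}
    def root(n):
        while group[n] != n:
            n = group[n]
        return n
    for name, ports in switches.items():
        for mode, _, peer in ports.values():
            # Join two switches only if both ends have a trunk to each other.
            if mode == "trunk" and ("trunk", None, name) in switches[peer].values():
                group[root(name)] = root(peer)
    segs = defaultdict(set)
    for name, ports in switches.items():
        for mode, vlan, dev in ports.values():
            if mode == "access":
                segs[(root(name), vlan)].add(dev)
    return list(segs.values())

def audit(switches):
    """List devices that bypass the router or sit outside its LAN."""
    findings = set()
    for seg in segments(switches):
        wan_ends = seg & {"modem", "router-wan"}
        if len(wan_ends) == 1:
            findings.add("modem and router-wan are not on one segment")
        if wan_ends:
            findings |= {f"{d} is on the WAN segment, bypassing the router"
                         for d in seg - wan_ends}
        elif "router-lan" not in seg:
            findings |= {f"{d} is cut off from the router's LAN" for d in seg}
    return sorted(findings)
```

`audit(plan())` returns an empty list for the layout in the numbered steps, while `audit(plan(tv_vlan=WAN))` flags the room port that was left in the "WAN" VLAN, the situation the bullet points in the answer describe.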
